Technology Risk Director- Enterprise Engineering

Job

Citizens Financial Group

Remote

Full-Time

Posted 4 weeks ago (Updated 3 weeks ago) • Actively hiring

Expires 5/27/2026


Job Description

Johnston, RI

Job Details
Full-time
18 hours ago

Benefits
- Health insurance
- Dental insurance
- Tuition reimbursement
- Parental leave
- Vision insurance
- Opportunities for advancement
- Retirement plan

Qualifications
Jira, COSO, DevSecOps Practices, Certified Information Systems Auditor, Master's degree in business administration, Managerial strategic planning, Power BI, Strategic management, Qualys, Master's degree in business, Data visualization software proficiency, Azure, Bachelor's degree in information technology, Cloud security engineering, ISO standards, Infrastructure as Code (IaC), Security engineering, Master's degree in information technology, IT service management, Regulatory compliance, CISSP, Bachelor's degree in business, Data reporting, 11+ years, Windows, Tableau, Master's degree in cybersecurity, Databases, CISM, AWS, Compliance management, Docker, Bachelor's degree, Cloud-based systems, Confluence, Team management, System risk assessment (security system operation), NIST standards, Bank experience, Master of Science, Splunk, Industry knowledge of financial regulations, Risk management, IT control testing, Third-party risk management, Business continuity planning, ServiceNow, Vulnerability management, IT, VMware, Overseeing audit functions, Identity and access management (IAM) solutions, Senior level, Regulatory audits, Bachelor's degree in cybersecurity, Business, Risk & issue management, Middleware systems, Master of Business Administration, RHEL, Leadership, CyberArk, Vendor risk management, Communication skills, CRISC, Regulatory compliance management, Senior leadership, Information Technology, IT disaster recovery planning

Full Job Description

Description
The Enterprise Technology & Security (ETS) Risk Director directs a team of risk professionals, develops comprehensive risk management strategies, and ensures the organization's technology risk practices are robust, effective, and aligned with industry standards and regulatory requirements. This executive-level position provides strategic leadership over a dedicated ETS risk function, setting the direction for risk identification, assessment, and mitigation across the bank's technology and security domains. The Director serves as a key advisor to senior leadership on technology risk matters, drives the maturation of the enterprise risk framework, and maintains strong relationships with regulators, audit, and governance bodies.

Responsibilities
- Lead and oversee the Technology Risk Management function, providing strategic direction to a team of risk professionals and fostering a culture of accountability, excellence, and continuous improvement.
- Develop, implement, and continuously evolve a comprehensive technology risk management strategy and framework aligned with enterprise risk appetite, regulatory expectations, and industry best practices.
- Oversee the identification, assessment, monitoring, and reporting of technology and security risks across systems, applications, infrastructure, and processes.
- Serve as the primary executive liaison for regulatory examinations, internal audits, and supervisory engagements related to technology and security risk, ensuring effective coordination and high‑quality outcomes.
- Define and maintain technology risk policies, standards, control libraries, and assessment methodologies to support consistent and scalable risk management practices.
- Partner with senior technology leaders, business executives, compliance, audit, and governance teams to embed risk management into strategic planning and decision‑making.
- Provide clear, actionable, executive‑level risk reporting and insights to the Risk Committees and senior management, translating complex risk landscapes into strategic guidance.
- Oversee the portfolio of risk findings, regulatory commitments, and corrective action plans, driving timely, effective, and sustainable remediation.
- Lead oversight of Third-Party Risk Management for the organization's technology and security critical service provider relationships.
- Monitor industry trends, emerging threats, and regulatory developments to proactively adjust the organization's risk posture.
- Champion a strong risk‑aware and risk‑informed culture across the technology organization through education, engagement, and communication.

Team-Specific Requirements

Cloud & Modern Engineering Platforms
- Working knowledge of cloud services and architectures (AWS and Azure preferred), including shared responsibility models, identity and access management, and cloud‑native security controls.
- Experience assessing risk in DevSecOps, CI/CD pipelines, containerized workloads (Docker/Kubernetes), and infrastructure‑as‑code environments.

Infrastructure, Platform & Engineering Risk
- Strong understanding of enterprise infrastructure platforms, including Windows, Linux (RHEL), virtualization (VMware), databases, middleware, and core network services.
- Experience evaluating end‑of‑life (EOL) / end‑of‑support (EOS) risk, technical debt, and remediation prioritization across large engineering estates.

Cybersecurity & Resilience
- Hands‑on familiarity with vulnerability management, platform hardening, secure configuration standards, and threat remediation prioritization.
- Experience with technology resilience, including BCP/DR, cyber recovery, data protection, backup strategies, and resiliency testing.
- Ability to translate engineering and cyber risks into business impact, service disruption, regulatory exposure, and customer risk.

Risk Frameworks & Governance
- Deep experience with enterprise technology risk management routines, including RCSAs, issue management, risk assessments, targeted reviews, and control testing.
- Working knowledge of regulatory and risk frameworks relevant to financial institutions (FFIEC, NIST, ISO, COBIT, COSO, CRI).
- Proven ability to synthesize large volumes of technical risk data into clear, prioritized executive‑level insights.

Risk, Issue, and Compliance Management
- Experience using GRC Archer (or equivalent platforms such as OpenPages) to manage RCSAs, issues, action plans, metrics, and regulatory responses.
- Familiarity with risk reporting, risk dashboards, and executive‑level risk metrics.

Engineering, Security & ITSM Tooling
- Working knowledge of common enterprise tooling used by engineering and cyber teams, such as ServiceNow, Jira, and Confluence, to support risk intake, issue tracking, and remediation monitoring.
- Familiarity with vulnerability and security tools such as Qualys, Wiz, CrowdStrike, CyberArk, Splunk, or similar platforms to support effective oversight and challenge.

Monitoring & Reporting
- Exposure to engineering and operational monitoring platforms (e.g., DataDog, Grafana, Tableau, Power BI), with the ability to interpret signals, trends, and risk indicators rather than operate the tools directly.

Experience & Skills Required:
- 12+ years of progressive experience in IT risk management, information security, or internal audit, including 5+ years in a senior leadership role.
- Demonstrated executive leadership experience, including building and developing high-performing risk teams in complex, regulated environments.
- Comprehensive expertise in risk frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and ITIL, with a track record of applying them at an enterprise scale.
- Deep familiarity with regulatory expectations and supervisory frameworks applicable to regional banks (OCC, Federal Reserve, FDIC).
- Exceptional communication and influencing skills; proven ability to present risk strategy and findings to Board-level and executive audiences.
- Experience leading large-scale regulatory examinations, audit engagements, and enterprise-wide corrective action programs.
- Proven ability to set strategic direction, manage organizational priorities, and deliver results in a fast-paced, evolving environment.

Preferred:
- Prior experience as a risk director or equivalent executive in a federally regulated financial institution.
- Track record of building or transforming enterprise-level technology risk programs.
- Strong network within the financial services risk and technology community.

Education
Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree (MBA, MS in Cybersecurity, or equivalent) strongly preferred.

One or more of the following certifications are preferred:
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)

Hours & Work Schedule
Hours per Week: 40
Work Schedule: Monday-Friday
Hybrid: 4 days per week onsite, 1 day remote

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague's or a dependent's reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.

Benefits
We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more.

Awards We've Received
- Glassdoor Best Place to Work in Consulting, Finance & Insurance
- The Banker's US Bank of the Year
- Dave Thomas Foundation's Best Adoption-Friendly Workplace
- Disability:IN Best Places to Work for Disability Inclusion
- Human Rights Campaign Corporate Equality Index 100 Award